search_alarms
Search and filter alarms in Firewalla MCP server by type, status, source IP, region, or message. Group, sort, and paginate results for efficient network security monitoring.
Instructions
Search alarms using full-text or field filters. Alarm types: 1=Security Activity, 2=Abnormal Upload, 3=Large Bandwidth Usage, 4=Monthly Data Plan, 5=New Device, 6=Device Back Online, 7=Device Offline, 8=Video Activity, 9=Gaming Activity, 10=Porn Activity, 11=VPN Activity, 12=VPN Connection Restored, 13=VPN Connection Error, 14=Open Port, 15=Internet Connectivity Update, 16=Large Upload.
Input Schema
Name | Required | Description | Default |
---|---|---|---|
cursor | No | Pagination cursor from previous response | |
groupBy | No | Group alarms by specified fields (comma-separated) | |
limit | No | Maximum results (optional, default: 200, API maximum: 500) | |
query | No | Search query using Firewalla syntax. Supported fields: type:1-16 (see alarm types above), resolved:true/false, status:1/2 (active/archived), source_ip:192.168.*, region:US (country code), gid:box_id, device.name:*, message:"text search". Examples: "type:8 AND region:US" (video from US), "type:10 AND status:1" (active porn alerts), "source_ip:192.168.* AND NOT resolved:true" | |
sortBy | No | Sort alarms (default: ts:desc) |